1、LVS-NAT基于Cisco的LocalDirector。VS/NAT不需要在RealServer上做任何设置,其只要能提供一个tcp/ip的协议栈即可,甚至其无论基于什么OS。
2、基于VS/NAT,所有的入站数据包均由Director进行目标地址转换后转发至内部的RealServer,RealServer响应的数据包再由Director转换源地址后发回客户端。
3、VS/NAT模式不能与netfilter兼容,因此,不能将VS/NAT模式的Director运行在netfilter的保护范围之中。
# 注意:各节点间的时间偏差不应该超出1秒钟。
# Director配置NTP服务器:
Director:
yum install ntp
/etc/init.d/ntpd start
Client:
/usr/sbin/ntpdate Director_IP
VS/NAT拓扑示例:
Client
CIP=192.168.101.253
|
|
VIP=192.168.101.168 (eth0)
Director
DIP=10.10.10.1 (eth1)
|
(switch) ――――――――――
| |
RIP=10.10.10.11 (eth0) RIP=10.10.10.12 (eth0)
RS1 RS2
VS/NAT配置示例:
Director IP:
VIP:192.168.101.168/24
DIP:10.10.10.1/24
RS1 IP:
RIP:10.10.10.11/24 gw:10.10.10.1
RS2 IP:
RIP:10.10.10.12/24 gw:10.10.10.1
1、Director安装ipvsadm
# yum install ipvsadm
2、RS1安装httpd
# yum install httpd
# echo "rs1.redhat.com" > /var/www/html/index.html
# service httpd start
3、RS2安装httpd
# yum install httpd
# echo "rs2.redhat.com" > /var/www/html/index.html
# service httpd start
4、Director配置集群(调度算法:RR)
# echo 1 > /proc/sys/net/ipv4/ip_forward
# ipvsadm -A -t 192.168.101.168:80 -s rr
# ipvsadm -a -t 192.168.101.168:80 -r 10.10.10.11 -m
# ipvsadm -a -t 192.168.101.168:80 -r 10.10.10.12 -m
# ipvsadm -L -n
5、浏览器访问:http://192.168.101.168
6、Director配置集群(调度算法:WRR)
# ipvsadm -E -t 192.168.101.168:80 -s wrr
# ipvsadm -e -t 192.168.101.168:80 -r 10.10.10.11 -m -w 3
# ipvsadm -e -t 192.168.101.168:80 -r 10.10.10.12 -m -w 1
# ipvsadm -L -n --stats
7、浏览器访问:http://192.168.101.168
8、保存规则
# service ipvsadm save
或者:
# ipvsadm -S > /etc/sysconfig/ipvsadm.web
VS/NAT Script:
#!/bin/bash
#
# chkconfig: - 88 12
# description: LVS Script for VS/NAT.
#
. /etc/rc.d/init.d/functions
VIP=192.168.101.168
DIP=10.10.10.1
RIP1=10.10.10.11
RIP2=10.10.10.12
CSTATUS1() {
[ -e /var/lock/subsys/ipvsadm.lock ] && echo -e "\033[32mipvsadm is running...\033[0m" && exit 1
}
CSTATUS2() {
[ ! -e /var/lock/subsys/ipvsadm.lock ] && echo -e "\033[32mipvsadm is not running...\033[0m" && exit 2
}
case "$1" in
start)
CSTATUS1
echo -e "\033[32mStart VS/NAT of Director Server...\033[0m"
# Set the Virtual IP address.
/sbin/ifconfig eth0 $VIP netmask 255.255.255.0 up
/sbin/ifconfig eth1 $DIP netmask 255.255.255.0 up
# Director must open packet forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Clean all iptables rules.
/sbin/iptables -F
# Reset iptables counters.
/sbin/iptables -Z
# Clean all ipvsadm rules/services.
/sbin/ipvsadm -C
# Set VS/NAT, Scheduling is Round Robin.
/sbin/ipvsadm -A -t $VIP:80 -s rr
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -m
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -m
# Show VS/NAT status.
/sbin/ipvsadm -L -n
/bin/touch /var/lock/subsys/ipvsadm.lock
;;
stop)
CSTATUS2
echo -e "\033[32mStop VS/NAT of Director Server...\033[0m"
# Reset ipvsadm.
/sbin/ipvsadm -C
# Close VIP interface.
/sbin/ifconfig eth0 down &> /dev/null
# Close packet forwarding.
echo 0 > /proc/sys/net/ipv4/ip_forward
/bin/rm -f /var/lock/subsys/ipvsadm.lock
;;
status)
[ -e /var/lock/subsys/ipvsadm.lock ] && echo -e "\033[32mipvsadm is running...\033[0m" || echo -e "\033[32mipvsadm is not running...\033[0m"
;;
*)
echo -e "\033[32mUsage: $0 {start|stop|status}\033[0m"
;;
esac